Google Bypasses Privacy, Puts Users’ Data on the Map

A netizen has found that Google has changed their domain structures to track users’ locations across their services.
Listen to this story

Google’s handling of user data has long been a subject of concern for data privacy enthusiasts. While the tech giant has undergone a comparatively low number of data breaches in recent history, its hold over the Android platform allows them to harvest an unprecedented amount of data. 

Now, Google is taking more steps to ensure the collection of user data across non-mobile devices as well. Recently, a netizen found that Google has changed their domain structures to include all their services under one parent domain. This means that any permissions given by the user for one google service, such as Google Maps, extend to all Google services under the domain. 

To understand why this is a serious privacy concern for users, we must first look at how domains work. There are two types of web directory management systems: subdomains and subdirectories

Subscribe to our Newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Subdomains are treated as children of the parent domain, but they exist outside the main domain within a disparate partition. Subdirectories, on the other hand, are treated as part of the main domain as they are nothing but a page under the domain.

For instance, Google was previously using a subdomain for Google Maps, as seen by its URL ‘maps.google.com’.

Now, they have switched to using a subdirectory, with the URL changing to ‘google.com/maps’. 

This means that the permission pop-up that appears when a website is trying to access the user’s camera, mic, or location, only needs to be accepted once across Google’s vast range of services. Then, Google can use these permissions for all their services without having to ask the users again.

As shown below, the user’s mic can be accessed from the Google search page, with camera permissions being granted from Google Meet. Location access can be granted through Google Maps, and this is likely to allow the search engine to track the user’s location even if they have not specifically given permission for it, or other applications. 

This skirts the line of legality when it comes to prominent data protection regulations like the GDPR and the American Data Privacy and Protection Act. 

The GDPR states that the provider’s privacy policy clearly mentions an explanation that the company must request consent for camera and mic access. Moreover, the company must also provide an explanation of their purposes for requesting camera access. India’s new privacy policy, on the other hand, has no legal purview regarding company’s usage of location data. Google’s Privacy Policy does not provide any clarity on these subjects.

In addition to this, location data is considered to be personal data under GDPR, with a huge chunk of the regulation being applicable to it. In the Google Chrome Privacy Policy, Google has a section on how it determines users locations and what it uses it for. However, while they specify that they won’t allow a site to access users’ locations without permission, they also state that they send data to Google Location Services to determine the user’s location. This data consists of information on nearby Wi-Fi routers, cell IDs of cell towers close to the user, and the user’s IP address. 

Any user wishing to use Google Maps for a short stretch of navigation will now be asked to give permission to Google to access their location. Upon providing this permission, Google can access this data at any time due to their new domain structure, allowing them to geo-track the user any time they have a Google website open. 

Along with Apple’s covert implementation of user tracking, this shows a disturbing trend in the tech sector, where companies are tracking users by operating in grey areas of regulations. 

Read: Square the Circle: Apple’s Privacy Play Lands It in Trouble… Again

The more sinister side of it, however, is the fact that these changes were made without any notification to users, creating another treasure trove of unsupervised surveillance data for tech giants to monetise using advertising. 

Anirudh VK
I am an AI enthusiast and love keeping up with the latest events in the space. I love video games and pizza.

Download our Mobile App

MachineHack | AI Hackathons, Coding & Learning

Host Hackathons & Recruit Great Data Talent!

AIMResearch Pioneering advanced AI market research

With a decade of experience under our belt, we are transforming how businesses use AI & data-driven insights to succeed.

The Gold Standard for Recognizing Excellence in Data Science and Tech Workplaces

With Best Firm Certification, you can effortlessly delve into the minds of your employees, unveil invaluable perspectives, and gain distinguished acclaim for fostering an exceptional company culture.

AIM Leaders Council

World’s Biggest Community Exclusively For Senior Executives In Data Science And Analytics.

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox
MOST POPULAR